[Pkg-swan-devel] Bug#1121988: strongswan: Please enable the ML-KEM plugin
Tobias Westerhever
tobias.westerhever at skyline.link38.eu
Fri Dec 5 16:10:00 GMT 2025
Package: strongswan
Version: 6.0.1-6+deb13u2
Severity: wishlist
X-Debbugs-Cc: tobias.westerhever at skyline.link38.eu
Dear Maintainer,
commencing upstream version 6.0, strongSwan comes with support for
intermediary key exchange in IKE handshakes, as well as a plugin for the
ML-KEM PQC algorithm, named "ml".
Enabling this plugin is possible by adding the "--enable-ml" option to
./configure. According to the upstream documentation, strongSwan's
OpenSSL plugin does not support ML-KEM (yet), even if the OpenSSL
library present would do so.
Therefore, it is currently not possible to establish IPsec connections
with a post-quantum key exchange on Debian systems using packaged
strongSwan.
If possible, it would be great to have the "ml" strongSwan plugin be
available as well, so existing IPsec setups can be migrated towards
PQC-resistant faster, without incurring the delay of strongSwan's
OpenSSL plugin adding support for ML-KEM.
Thank you for your time and efforts!
Best regards,
Tobias
-- System Information:
Debian Release: 13.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.12.57+deb13-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages strongswan depends on:
ii strongswan-charon 6.0.1-6+deb13u2
ii strongswan-starter 6.0.1-6+deb13u2
strongswan recommends no packages.
strongswan suggests no packages.
-- no debconf information
More information about the Pkg-swan-devel
mailing list